RILA Blog

This article is the fourth in a series of Q&As between RILA's Senior Vice President of Retail Operations Lisa LaBruno and featured general session speakers who will present at the 2016 Retail Asset Protection Conference.

Taking a Look Inside the World of Retail Security

"Security professionals always talk about 'getting the basics right,' and it sounds like a platitude, but if doing it were easy, we wouldn't have to keep bringing it up." Security in retail is one of the most important issues retailers face today in this ever-evolving world of technology, but who are the people behind the scenes working on innovative ways to protect us?

RILA's Lisa LaBruno, senior vice president of retail operations, recently sat down with Wendy Nather, research director at the Retail Cyber Intelligence Sharing Center (R-CISC) and 2016 Retail Asset Protection Conference speaker, to get a look inside the world of retail security and to discuss some of the top security issues that retailers face today.

LL: What are some of the greatest security risks retailers face today?

WN: One of the greatest risks is automation, which is the criminals' best friend. As each type of attack gets automated — whether it's triangulation fraud, account takeovers, custom malware creation, or distributed denial-of-service — the burden is on the retailer to automate its defenses to match. The other side of that coin is the fact that retailers have increasingly complex environments to manage, and they have to automate the same customer functions that criminals then abuse. Convenience for the customer is potentially convenience for the criminal.

LL: What do you think is the best form of security management retailers could practice?

WN: Security professionals always talk about "getting the basics right," and it sounds like a platitude, but if doing it were easy, we wouldn't have to keep bringing it up. If you know what you have, can keep it configured the way you intended, monitor changes to it, and also make changes quickly when you have to, then that's half the battle. Buying more security technology doesn't help if you have trouble managing the underlying systems.

LL: What do you see 2016 bringing the retail industry in the way of cybersecurity trends, issues, attacks, prevention, etc.?

WN: Ransomware is very big right now, and I see it as an equal opportunity threat — it can affect small retailers just as much as larger ones. Wire fraud is another trend we're seeing among the R-CISC members: cleverly crafted emails purporting to be from the CEO or CFO, asking for urgent wire transfers. And as we develop more ways for customers to interact with us and make purchases, account takeover attacks are going to take advantage of the expanded channels.

LL: What made you transition from IT security roles to the Research Director of the Retail Cyber Intelligence Sharing Center (R-CISC)?

WN: I've worked with big organizations and small ones, and I know what it's like to try to defend an organization with no people and no budget. In working for the R-CISC, I hope to bring resources to bear for our members, no matter which sector they represent or what level of security they have today. It's one of the greatest challenges within the security field, and I have a lot of respect for the people who have been securing retail all this time.

LL: You were listed as one of SC Magazine's Women in IT Security "Power Players" in 2014 – talk about what that means to you.

WN: It was a great surprise, but I was honored to be listed. As an industry analyst, I had the opportunity to talk directly with CEOs and CTOs about their visions for their companies, and learning from the source like that is priceless. Having said that, I do hope that in the future, the presence and contributions of women in security will be so common that they don't need to be remarked on, any more than we need to call out security professionals with brown hair.